Shiro认证过程 创建SecurityManager---》主体提交认证---》SecurityManager认证---》Authenticsto认证---》Realm验证 Shiro授权过程 创建SecurityManager---》主体授权---》ecurityManager授权---》Authorizer授权---》Realm获取角色权限数据
1.pom.xml
<?xml version="1.0" encoding="UTF-8"?> <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd"> <parent> <artifactId>ylht-shiro</artifactId> <groupId>com.ylht</groupId> <version>1.0-SNAPSHOT</version> </parent> <modelVersion>4.0.0</modelVersion> <artifactId>shiro-test</artifactId> <dependencies> <!-- https://mvnrepository.com/artifact/org.apache.shiro/shiro-core --> <dependency> <groupId>org.apache.shiro</groupId> <artifactId>shiro-core</artifactId> <version>1.4.0</version> </dependency> <!-- https://mvnrepository.com/artifact/junit/junit --> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <version>4.7</version> <scope>test</scope> </dependency> <!-- https://mvnrepository.com/artifact/mysql/mysql-connector-java --> <dependency> <groupId>mysql</groupId> <artifactId>mysql-connector-java</artifactId> <version>5.1.45</version> </dependency> <!-- https://mvnrepository.com/artifact/com.alibaba/druid --> <dependency> <groupId>com.alibaba</groupId> <artifactId>druid</artifactId> <version>1.1.6</version> </dependency> </dependencies> </project>
2.自定义realm(自定义realm可以的编写可以参考源码)
package com.ylht.shiro.realm; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationInfo; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.SimpleAuthenticationInfo; import org.apache.shiro.authz.AuthorizationInfo; import org.apache.shiro.authz.SimpleAuthorizationInfo; import org.apache.shiro.realm.AuthorizingRealm; import org.apache.shiro.subject.PrincipalCollection; import org.apache.shiro.util.ByteSource; import java.util.HashMap; import java.util.HashSet; import java.util.Map; import java.util.Set; public class CustomerRealm extends AuthorizingRealm { { super.setName("customRealm"); } //该方法用来授权 protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principalCollection) { //1.从认证信息中获取用户名 String username = (String) principalCollection.getPrimaryPrincipal(); //2.从数据库或者缓存中获取用户角色数据 Set<String> roles = getRolesByUserName(username); //3.从数据库或者缓存中获取用户权限数据 Set<String> permissions = getPermissionsByUserName(username); SimpleAuthorizationInfo simpleAuthorizationInfo = new SimpleAuthorizationInfo(); simpleAuthorizationInfo.setRoles(roles); simpleAuthorizationInfo.setStringPermissions(permissions); return simpleAuthorizationInfo; } //该方法用来认证 protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException { //1.从认证信息中获取用户名 String username = (String) authenticationToken.getPrincipal(); //2.通过用户名到数据库中获取凭证 String password = getPwdByUserName(username); if (null == password) { return null; } SimpleAuthenticationInfo simpleAuthenticationInfo = new SimpleAuthenticationInfo( username, password, "customRealm"); simpleAuthenticationInfo.setCredentialsSalt(ByteSource.Util.bytes("zzz")); return simpleAuthenticationInfo; } //模拟数据库 private String getPwdByUserName(String username) { Map<String, String> userMap = new HashMap<String, String>(16); userMap.put("kk", "bdd170a94d02707687abc802b2618e19"); return userMap.get(username); } //模拟数据库 private Set<String> getRolesByUserName(String username) { Set<String> sets = new HashSet<String>(); sets.add("admin"); sets.add("user"); return sets; } //模拟数据库 private Set<String> getPermissionsByUserName(String username) { Set<String> sets = new HashSet<String>(); sets.add("user:select"); sets.add("user:update"); return sets; } }
3.测试类(加密方式,盐等)
package com.ylht.shiro.test; import com.ylht.shiro.realm.CustomerRealm; import org.apache.shiro.SecurityUtils; import org.apache.shiro.authc.UsernamePasswordToken; import org.apache.shiro.authc.credential.HashedCredentialsMatcher; import org.apache.shiro.authz.AuthorizationException; import org.apache.shiro.crypto.hash.Md5Hash; import org.apache.shiro.mgt.DefaultSecurityManager; import org.apache.shiro.subject.Subject; import org.junit.Test; public class CustomRealmTest { @Test public void testCustomRealm() { //创建JdbcRealm对象 CustomerRealm customerRealm = new CustomerRealm(); //设置JdbcRealm属性 //1.创建SecurityManager对象 DefaultSecurityManager securityManager = new DefaultSecurityManager(); //securityManager对象设置realm securityManager.setRealm(customerRealm); //shiro加密 HashedCredentialsMatcher matcher = new HashedCredentialsMatcher(); //加密方式 matcher.setHashAlgorithmName("md5"); //加密次数 matcher.setHashIterations(2); //customerRealm设置matcher customerRealm.setCredentialsMatcher(matcher); //2.主题提交认证 SecurityUtils.setSecurityManager(securityManager); Subject subject = SecurityUtils.getSubject(); //token UsernamePasswordToken token = new UsernamePasswordToken("kk", "123456", false); //认证 subject.login(token); boolean flag = subject.isAuthenticated(); if (flag) { System.out.println("用户认证通过"); } else { System.out.println("用户认证失败"); } //角色验证 try { subject.checkRole("admin"); System.out.println("角色验证通过"); } catch (AuthorizationException e) { System.out.println("角色验证失败"); e.printStackTrace(); } //角色权限验证 try { subject.checkPermission("user:select"); System.out.println("角色权限验证通过"); } catch (AuthorizationException e) { System.out.println("角色权限验证失败"); e.printStackTrace(); } } public static void main(String[] args) { //Md5Hash md5Hash = new Md5Hash("123456","zzz"); Md5Hash md5Hash = new Md5Hash("123456"); System.out.println(md5Hash); Md5Hash md5Hash1 = new Md5Hash(md5Hash); System.out.println(md5Hash1.toString()); } }